5422 matches found
CVE-2026-56159
Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network...
CVE-2026-54128
Use after free in Windows DHCP Client allows an unauthorized attacker to execute code locally...
CVE-2026-50685
Double free in Windows DHCP Server allows an authorized attacker to execute code over a network...
CVE-2026-50683
Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to elevate privileges over an adjacent network...
CVE-2026-50370
Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over an adjacent network...
CVE-2026-54128
CVE-2026-54128 is a Windows DHCP Client use-after-free vulnerability that could allow an unauthenticated local attacker to execute code. The issue, described in the NVD entry and echoed by TALOS, affects the Windows DHCP Client component and is known to have been exploited in the wild (per CIRCL ...
CVE-2026-54128 Windows DHCP Client Remote Code Execution Vulnerability
...
CVE-2026-50683
CVE-2026-50683 is a Windows DHCP Client/Server heap-based buffer overflow that enables an authenticated attacker on an adjacent network to elevate privileges. Public details in the initial entry cite a heap-based overflow and adjacent-access attack path with high impact (C:H, I:H, A:H) and a CVSS...
CVE-2026-50685
CVE-2026-50685 is a Windows DHCP Server Remote Code Execution vulnerability caused by a double-free in the DHCP Server component. It is network-exploitable (no user interaction) and rated by Microsoft as an in-scope issue with high impact (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H; CVSS v3.1 base 7.5)....
CVE-2026-50518
CVE-2026-50518 is a heap-based buffer overflow in Windows DHCP Server that allows an unauthenticated attacker to execute code remotely over a network. Public sources (NVD, EUVD, CIRCL, MSRC update guidance) confirm the flaw and its impact as remote code execution; Talos notes exploitation in the ...
CVE-2026-50518 Windows DHCP Server Remote Code Execution Vulnerability
...
CVE-2026-61876
LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages...
CVE-2026-61876 LuCI DHCPv6 Lease Hostname Stored Cross-Site Scripting
LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages...
SUSE-SU-2026:2721-1 Security update for dracut
This update for dracut fixes the following issue - CVE-2026-6893: Root code execution via DHCP options command injection bsc1268322. Changes for dracut: - Update to version 055+suse.402.g2720eea: fixnetwork-legacy: sanitize DHCP values in dhclient-script.sh bsc1268322, CVE-2026-6893...
SUSE-SU-2026:2720-1 Security update for dracut
This update for dracut fixes the following issue - CVE-2026-6893: Root code execution via DHCP options command injection bsc1268322. Changes for dracut: - Update to version 055+suse.365.g79144c5: fixnetwork-legacy: sanitize DHCP values in dhclient-script.sh bsc1268322, CVE-2026-6893...
CVE-2026-14258
A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...
SUSE-SU-2026:22446-1 Security update for dracut
This update for dracut fixes the following issue - CVE-2026-6893: Root code execution via DHCP options command injection bsc1268322. Changes for dracut: - Update to version 059+suse.643.g1f1d880: fixnetwork-legacy: sanitize DHCP values in dhclient-script.sh bsc1268322, CVE-2026-6893...
SUSE-SU-2026:22496-1 Security update for dnsmasq
This update for dnsmasq fixes the following issues Update to 2.93: - CVE-2026-12725: heap buffer overflow in logquery when logging unsupported DS/DNSKEY replies bsc1268764. Changes for dnsmasq: CVE-2026-12725, bsc1268764: Heap buffer overflow in logquery when logging unsupported DS/DNSKEY replies...
CVE-2026-56113
A flaw was found in dhcpcd. An unauthenticated attacker on the same network link can exploit this vulnerability by sending a specially crafted DHCPv6 RENEW reply. This can lead to a Denial of Service DoS, causing the dhcpcd daemon to crash due to a heap use-after-free vulnerability...
[SECURITY] [DLA 4642-1] u-boot security update
Debian LTS Advisory DLA-4642-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson June 23, 2026 https://wiki.debian.org/LTS Package : u-boot Version : 2021.01+dfsg-5+deb11u3 2023.01+dfsg-2+deb12u3 CVE ID : CVE-2024-42040 CVE-2026-46728 Debian Bug : 1081557 1136954...